From 733f06585106979c63aa7c702fb835f48b8d67b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?D=C3=A9borah=20Servili?=
Date: Wed, 11 Jan 2017 16:14:45 +0100
Subject: [PATCH] begin preventive-measure galaxy
---
clusters/preventive-measure.json | 57 ++++++++++++++++++++++++++++++++
galaxies/preventive-measure.json | 7 ++++
2 files changed, 64 insertions(+)
create mode 100644 clusters/preventive-measure.json
create mode 100644 galaxies/preventive-measure.json
diff --git a/clusters/preventive-measure.json b/clusters/preventive-measure.json
new file mode 100644
index 0000000..1dcdc38
--- /dev/null
+++ b/clusters/preventive-measure.json
@@ -0,0 +1,57 @@
+{
+ "values": [
+ {
+ "meta": {
+ "refs": [
+ "http://windows.microsoft.com/en-us/windows/back-up-restore-faq#1TC=windows-7."
+ ],
+ "Complexity": "Medium",
+ "Effectiveness": "High",
+ "Impact": "Low",
+ "Type": "Recovery"
+ },
+ "value": "Backup and Restore Process",
+ "description": "Make sure to have adequate backup processes on place and frequently test a restore of these backups.
+ (Schrödinger's backup - it is both existent and non-existent until you've tried a restore"
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://support.office.com/en-us/article/Enable-or-disable-macros-in-Office-files-12b036fd-d140-4e74-b45e-16fed1a7e5c6?ui=en-US&rs=en-US&ad=US",
+ "https://www.404techsupport.com/2016/04/office2016-macro-group-policy/?utm_source=dlvr.it&utm_medium=twitter"
+ ],
+ "Complexity": "Low",
+ "Effectiveness": "High",
+ "Impact": "Low",
+ "Type": "GPO"
+ },
+ "value": "Block Macros",
+ "description": "Disable macros in Office files downloaded from the Internet. This can be configured to work in two different modes:
+ A.) Open downloaded documents in 'Protected View'
+ B.) Open downloaded documents and block all macros"
+ },
+ {
+ "meta": {
+ "refs": [
+ "http://www.windowsnetworking.com/kbase/WindowsTips/WindowsXP/AdminTips/Customization/DisableWindowsScriptingHostWSH.html"
+ ],
+ "Complexity": "Low",
+ "Effectiveness": "Medium",
+ "Impact": "Medium",
+ "Type": "GPO"
+ },
+ "value": "Disable WSH",
+ "description": "Disable Windows Script Host"
+ },
+ ],
+ "name": "Preventive Measure",
+ "type": "preventive-measure",
+ "source": "MISP Project",
+ "authors": [
+ "Various"
+ ],
+ "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . 
The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
+ "uuid": "1a8e55eb-a0ff-425b-80e0-30df866f8f65",
+ "version": 1
+}
+
diff --git a/galaxies/preventive-measure.json b/galaxies/preventive-measure.json
new file mode 100644
index 0000000..9046977
--- /dev/null
+++ b/galaxies/preventive-measure.json
@@ -0,0 +1,7 @@
+{
+ "name": "Preventive Measure",
+ "type": "preventive-measure",
+ "description": "Preventive measures based on the ransomware document overview as published in https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/pubhtml# . The preventive measures are quite generic and can fit any standard Windows infrastructure and their security measures.",
+ "version": 1,
+ "uuid": "8168995b-adcd-4684-9e37-206c5771505a"
+}
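Review bot: `clusters/preventive-measure.json` is not valid strict JSON as added, so a consumer using a standard parser would reject the whole cluster instead of loading the three measures. The last element of `values` is followed by a comma (`},` directly before `],`), and the `description` strings of `Backup and Restore Process` and `Block Macros` continue onto further `+` lines, meaning they contain raw line breaks; the top-level `description` appears to contain a line-separator character after `pubhtml# .` as well. Remove the trailing comma and write each break as a `\n` escape inside a single-line string, for example `"description": "... two different modes:\nA.) Open downloaded documents in 'Protected View'\nB.) Open downloaded documents and block all macros"`. The parenthesis opened before `Schrödinger's backup` is never closed, and the first `refs` URL ends in a stray `.`, which may break the link.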